Analysis Overview
SHA256
ab8a10d7649557a3c443a8180aaaa1b02518476d76f8c5fc227d1bde84664b34
Threat Level: No (potentially) malicious behavior was detected
Verdict for a49fa82383880b23572c37fe6b7e378a_JaffaCakes118: no (potentially) malicious behavior was detected. The sample is an .html document, and every process, registry write and memory write listed below is raised by the browser the sandbox opened it with (Internet Explorer on the Windows 7 run, Microsoft Edge on the Windows 10 run) while rendering the page; no process other than the browser and its helpers appears in either run.
Malicious Activity Summary
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 08:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 08:26
Reported
2024-06-13 08:28
Platform
win7-20231129-en
Max time kernel
142s
Max time network
144s
Signatures
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "424429049" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000069ed370f108ca942a3f72a05ea850137000000000200000000001066000000010000200000000e32cc5065ce5b491360427eca034a2b8fc9c75d199a98077712f8e936445399000000000e800000000200002000000000a35b4b4f512713517993830f908ed1d6cdc9048179047b90cde225c191476a20000000926968e77197c1c6f5066136550d00c74e841509e239f8bf402aaa3313c03c7140000000ebe080c03c3d554bfd801fb557820fd8ad3543c58e68bfe8c6a04b4a246809ba6e0629537d49c4d5891e39f79103cf4bdc491da0ea27dd032b8393c560a7e66b | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0e641736bbdda01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\FaviconPath = "C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (binary value omitted) | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{9D3781E1-295E-11EF-8456-F62A48C4CCA6} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2212 wrote to memory of 2388 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2212 wrote to memory of 2388 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2212 wrote to memory of 2388 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2212 wrote to memory of 2388 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49fa82383880b23572c37fe6b7e378a_JaffaCakes118.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:2
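The four WriteProcessMemory rows above are the Internet Explorer frame process (PID 2212) writing into the tab process it spawned, which names its parent in its own command line as `SCODEF:2212`. That is how IE starts a tab, so the rows are expected; what would matter is a write from or into a process that is not IE, or into a tab belonging to a different frame. The script below, an added triage example that is not part of the sandbox's report, checks exactly that. The sandbox does not print a PID beside each process, so the PID-to-command-line mapping in `PROCESSES` is an assumption taken from the writer PID in the signature rows and the `SCODEF` value in the tab's command line.

```python
"""Check whether WriteProcessMemory events in an IE detonation match
Internet Explorer's frame -> tab process model or involve a third process.
Added triage example; not part of the original report.
Assumption: PID -> command line mapping below is reconstructed from the
signature rows (writer PID) and the tab's SCODEF:<frame PID> argument."""
import re

IE_IMAGES = {
    r"c:\program files\internet explorer\iexplore.exe",
    r"c:\program files (x86)\internet explorer\iexplore.exe",
}

# Signature rows copied from the report (Description, Indicator, Process, Target).
WPM_ROWS = """\
| PID 2212 wrote to memory of 2388 | N/A | C:\\Program Files\\Internet Explorer\\iexplore.exe | C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE |
| PID 2212 wrote to memory of 2388 | N/A | C:\\Program Files\\Internet Explorer\\iexplore.exe | C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE |
"""

# Command lines copied from the report, keyed by the PID we assume for them
# (2212 is the frame: the tab names it in SCODEF:2212).
PROCESSES = {
    2212: r'"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\a49fa82383880b23572c37fe6b7e378a_JaffaCakes118.html',
    2388: r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2212 CREDAT:275457 /prefetch:2',
}

ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")


def parse_wpm(rows):
    """Yield (writer_pid, target_pid, writer_image, target_image) per table row."""
    out = []
    for line in rows.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue  # header, separator or blank line
        m = ROW_RE.match(cells[0])
        if m:
            out.append((int(m.group(1)), int(m.group(2)), cells[2], cells[3]))
    return out


def classify(writer, target, writer_img, target_img, processes):
    """'expected' for an IE frame writing into its own tab, otherwise a reason to look closer."""
    if writer_img.lower() not in IE_IMAGES or target_img.lower() not in IE_IMAGES:
        return "review: non-IE image involved"
    m = SCODEF_RE.search(processes.get(target, ""))
    if m is None:
        return "review: target is not an IE tab process (no SCODEF)"
    if int(m.group(1)) != writer:
        return f"review: tab belongs to frame {m.group(1)}, writer is {writer}"
    return "expected: IE frame process initialising its tab"


def triage(rows, processes):
    """Map (writer, target) -> verdict, collapsing the repeated rows the sandbox emits."""
    verdicts = {}
    for writer, target, w_img, t_img in parse_wpm(rows):
        verdicts[(writer, target)] = classify(writer, target, w_img, t_img, processes)
    return verdicts


if __name__ == "__main__":
    for (w, t), verdict in triage(WPM_ROWS, PROCESSES).items():
        print(f"{w} -> {t}: {verdict}")
```

The same rule set applies to the registry table above it: every key there is written by iexplore.exe under its own `Software\Microsoft\Internet Explorer` hive, which is the browser initialising a fresh profile, not the sample changing browser settings.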
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | wprp.zemanta.com | udp |
| US | 8.8.8.8:53 | powergirlfitness.com | udp |
| US | 8.8.8.8:53 | forms.aweber.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| US | 172.64.151.51:80 | forms.aweber.com | tcp |
| NL | 192.229.233.25:80 | platform.twitter.com | tcp |
| US | 172.64.151.51:80 | forms.aweber.com | tcp |
| NL | 192.229.233.25:80 | platform.twitter.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | s.w.org | udp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 192.0.77.48:80 | s.w.org | tcp |
| US | 192.0.77.48:80 | s.w.org | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| GB | 163.70.151.21:443 | scontent.xx.fbcdn.net | tcp |
| NL | 23.62.61.57:80 | www.bing.com | tcp |
| NL | 23.62.61.57:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
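The network table mixes two kinds of traffic: hosts a clean Windows/IE image contacts on its own (pki.goog for CryptoAPI revocation data, www.microsoft.com, www.bing.com and ieonline.microsoft.com for IE's built-in services) and hosts the page itself pulled in (powergirlfitness.com, ajax.googleapis.com, connect.facebook.net, platform.twitter.com, forms.aweber.com, wprp.zemanta.com, s.w.org, www.google-analytics.com). The script below, an added triage example that is not part of the sandbox's report, parses rows in the table's own format, drops the DNS lookups to 8.8.8.8, and separates the two groups. The baseline suffix list is the analyst's assumption for this example, not a list published by the sandbox, and should be tuned per VM image.

```python
"""Partition a sandbox network table into sandbox/OS baseline noise and
page-driven traffic.  Added triage example; not part of the original
report.  BASELINE_SUFFIXES is an assumed analyst allow-list."""
from collections import defaultdict

# Rows copied from the behavioral1 Network table (a subset; the parser
# accepts the full table unchanged).
NETWORK_TABLE = """\
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | powergirlfitness.com | udp |
| GB | 142.250.200.42:443 | ajax.googleapis.com | tcp |
| US | 172.64.151.51:80 | forms.aweber.com | tcp |
| NL | 192.229.233.25:80 | platform.twitter.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| US | 8.8.8.8:53 | pki.goog | udp |
| US | 216.239.32.29:80 | pki.goog | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 192.0.77.48:80 | s.w.org | tcp |
| NL | 23.62.61.57:80 | www.bing.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
"""

# Assumed baseline: what a clean Windows + IE VM contacts by itself
# (CryptoAPI revocation checks, IE's default search / new-tab services).
BASELINE_SUFFIXES = ("pki.goog", "microsoft.com", "bing.com")
RESOLVER = "8.8.8.8:53"  # the sandbox's DNS server, seen in every udp row


def parse_rows(table):
    """Parse '| Country | Destination | Domain | Proto |' rows into dicts."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue  # header, separator or blank line
        country, dest, domain, proto = cells
        rows.append({"country": country, "dest": dest, "domain": domain, "proto": proto})
    return rows


def is_baseline(domain):
    return any(domain == s or domain.endswith("." + s) for s in BASELINE_SUFFIXES)


def triage(table):
    """Return {domain: {baseline, endpoints, plaintext, hits}} over all rows."""
    summary = defaultdict(lambda: {"baseline": False, "endpoints": set(), "plaintext": False, "hits": 0})
    for r in parse_rows(table):
        entry = summary[r["domain"]]
        entry["baseline"] = is_baseline(r["domain"])
        entry["hits"] += 1
        if r["dest"] == RESOLVER and r["proto"] == "udp":
            continue  # a DNS lookup says nothing about where content came from
        entry["endpoints"].add(r["dest"])
        if r["dest"].endswith(":80"):
            entry["plaintext"] = True  # content fetched over cleartext HTTP
    return dict(summary)


def page_driven(table):
    """Domains the page itself pulled in, with the sandbox baseline removed."""
    return sorted(d for d, e in triage(table).items() if not e["baseline"])


if __name__ == "__main__":
    for domain, e in sorted(triage(NETWORK_TABLE).items()):
        tag = "baseline" if e["baseline"] else "page    "
        eps = ",".join(sorted(e["endpoints"])) or "-"
        print(f"{tag} {domain:26} {eps:22} http={e['plaintext']} hits={e['hits']}")
```

The `plaintext` flag is worth keeping in the output: several of the page's third-party resources here (powergirlfitness.com, forms.aweber.com, platform.twitter.com, s.w.org) were fetched over port 80, which is the case where an on-path attacker could have substituted content, whereas the baseline hosts do nothing the sample can influence.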
Files
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarAEE.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 494e7464b9aa0befd30edfd83d8ea9af |
| SHA1 | c90ae972a3a3ec82d063efc81deb748dd3fec142 |
| SHA256 | 9fc2317bd798bce97354e3a82f506fddad31dbe821da72a7ea24193b811e3943 |
| SHA512 | 78957609efb8817afa986d0db99066e2bcca0a24632949a4318391d049467ac943b45601e54f8eee2498037f8951d700bb6ce8d375f98f62d37a6df72eb2d8a0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | cd98796909ae0b6ad376913142be75fc |
| SHA1 | d62ee314133d45eb3d475e498ce6d1d0d2b49390 |
| SHA256 | befaf83c4f107e1a4c17c60be27c393d169a691aef638018205a5ba46787b9d8 |
| SHA512 | 556f8709ca6bf971833ee779a74491916f2e5dd7bfcbd3ca486aefcc5f17ad369b808eae8a2318e9f99c00e39deb4325a3657526dbcc7830701cca0ff49f10b4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f30c4e9f1accf5429a08103260e057c6 |
| SHA1 | 2ff9a9683048ee2f737cd222e06a7a06b4cfdcd0 |
| SHA256 | 881476150cfebdbaacbe86cc15b53c468b235b6b923d2500ae1ed62d230f67a1 |
| SHA512 | 8f72b4499617b0383c0cbde2f107e4d2632796add61f5952fb8414b9cb0f40ffdaf9cb18f96ad574931a3fdeeefbabfb11ca31b9ca8569231072cfde2b3023d2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 99443bface91823801e753fcb2aa3f3b |
| SHA1 | d726e0fec0a8f66a15ea9e9b1ee0cb5046275a83 |
| SHA256 | b65e9bf4fd8e2b0745eac5a70e46febb3fe60cfc0128907f5aa2a0dc72bfd8cb |
| SHA512 | afdc5c8aa2431605ed56df0debd5b65825fd74fe92a54172534ee75ce1c57ab25e2c058f8713a09568a93e730b1401213ba824325ffcb60a5a70b9c9418500fa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6489c30548da4400fe2eeb384b6a0af8 |
| SHA1 | 739b11d23eeed7c1870424091f6fc8697f8a7d0d |
| SHA256 | 6d4f780942c8b21cb71023b89be99d55a8301fc938910300e3c79fb193e5cd0f |
| SHA512 | 983e8c4a881c358dadb098698b3f3e390bcf3628f37e73e2984337d00f431f032a594f1f6146c65df05e2e266af62661324c9f4d531a49f9aa76b5c67ecb2e01 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 56bf7a506317ccd10a65cbc773cc9bc9 |
| SHA1 | b76a165483f5912101a50f9917e770a2838406df |
| SHA256 | 5ae8018a5e6abf346a90a71445af6630443c166828b175e9814ac3ec74298bd0 |
| SHA512 | 546cf2d6908d88163c57645d667bfbf95a7bc05b296c6cdfe6de4df6cc337a29e3617e56b7c3dc448eda58f97b39b779d8f90f8ac36b85ed1e4d055d0debe04d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 68e7d724d77efdb7cef52980aef692ad |
| SHA1 | f9c694984cdefb873b255fcc4f22a3f1eb432273 |
| SHA256 | 8c7db6440e9f959092258a39845e3d7be34e19b31a3a45b4b5e5f93b99dc14ba |
| SHA512 | ce2fe67fa57c18b8a2ced852eb3fdebd720b44662ec057a279e351169f09e4d2d26b9c31e814b4a5249581b8f5148319fb3f503f174d31f85d05c19fd39b725f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | b35b88acd4f78d47c9b5310b48e0b554 |
| SHA1 | cce85ef619d42efef9a630b40afc3a4e6f10a334 |
| SHA256 | a47f118c7f014afa5198c416f9feaddf923531ff0bd63578e92ddf655f1d8cea |
| SHA512 | 34ae155814051b1523ea18e0969dd6da7eb132d8f84ab8c373b2cb6d78911edaec4bdccf5ea6559f1c1abf905533c3a8f55223baaa15d84366bdb2cdec1063c8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f54acaffb20bc1a758674fc6f0a80da5 |
| SHA1 | 2857045e153912c6de6ee47fc7b9fcd9ce51ef1c |
| SHA256 | bbb9a863275edbec0dcfbd2fd868473d1a443823d547c4978735354e606db1ac |
| SHA512 | 343c22d31ce367d603976c15638c5dd4a65451f66cb95be95868650201ee8909f23bbecf5a792ea4a5276551324bf5f7c7c4e17f21a553593ce403a201da22e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c26d8eae640d32fbe4d5fa13dfed498 |
| SHA1 | fed753dbc78a958d1ca98b5f9fb2d4fec412688e |
| SHA256 | 169c53cbc623ba49f66cecd08f214ac3a504db24a61b20b63767d215e6dd61d0 |
| SHA512 | 4db6860e488a24eb648253b64c9d1ba18cfea0447bb8af840114afb19bfdbae50fd5b9a2cc261c7d47b4b882280a318f43131f1ef86610f56ffaebfe20093cde |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 19875adc18f293af2700df3b5541a685 |
| SHA1 | 3c67be617d803bb2b524095c89e0c50053644fd8 |
| SHA256 | 0857774f235dafcfeabd60c8812238e6c75d04fb497998622008bd51fb58cd6f |
| SHA512 | dffcb9cf6019859842346b01fd07eebb5cfa8fed4b349e1d4447126f8acf63a3a9f15e9c4c97101e136b497c55abac166c0da53c3349879580f810837e6e88e3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 314c3d277fc753956919042e1e96db16 |
| SHA1 | 14071cc4ac3d2ea69bc433ecda2ef086927469a4 |
| SHA256 | 3a00187bf5fa0ff8fcb45f5f1ee03a03dc2fb98cc9dfe09737a8c02a9e71a736 |
| SHA512 | 38be2bde494ff9baba2a9197547ba234bf468e0b720e023e04808a014d654ee462f559666197f51f9220a4a349c88fe4f3a8282d605d6b48dff3129dec94158a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d6229ee9a59d36fe6f25ad608f5f36d5 |
| SHA1 | e8572e46e37745540dfea0728c638b8837c95c54 |
| SHA256 | 4c0dea5693d5cd75d2e267bfc29ea181482b2788bdf4e1d82aaf0cc57d3d9e47 |
| SHA512 | 23b3de972461f0eb5f46568823f1de231cc83d7db6767fcf284ecd56df4507d514e31237a1c1f7d8112dc8198f4e258e6c544017b24fecbdbbfe7aacc684f32d |
C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA1 | 1125c45d285c360542027d7554a5c442288974de |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
| SHA512 | d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | aa38e6a91ce6feef7cb391575b060c06 |
| SHA1 | e52fe992c5d290366b0a688c87715f106e688c4d |
| SHA256 | f9b7d8cf495c53000aa58c6d38929386ee8e3685bba6280bae928657ca757974 |
| SHA512 | e7c48193ae3a90e12d154a23ddd85e44975b8b78116a380d5950170619d8589bac528936dfce946daf23f36448b8741d1ee198906878c0075ecd408fdb12827d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | e3cae25cefb5427e90ad5723c0af7dc9 |
| SHA1 | 19d668c34f28ef7f071192b4aec19713b3ca2ce6 |
| SHA256 | 50ffb4d03c1efe67bd1868237409b6ebb4b5c140e921bc4139fcf4fc81274f76 |
| SHA512 | 65890099a3175af31df73e53356e3e924264d2858a486b1e622ed72e014cd1088c1ac723f1a63f322c2cf171e7c94753eef3b4372b3b3988f89c887a0e337716 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c599d60b8fb52c1a022267725144a445 |
| SHA1 | 53c8c8c6d4b7746677167d179e1768851ecd6e67 |
| SHA256 | aa72dc5dfc53713f2bd144dbc07eba1ad96defe93319e8c3f91c8cd414d01f84 |
| SHA512 | d7c06769de400c8ba2a1e9d8071cedd707b2307950fcf4a9e50fee341a61ab41dbbc5a70d5fa51d89f5f90638a92ed1d6a42cbb7a290cebdf725199cad2cb211 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c198ead8c5711f6216d8af2bd3f8781d |
| SHA1 | a0bd090a2753e9052e02b5d04a4c53640aa9c0df |
| SHA256 | 88e0ae095116857e6c46ca51d67526c8b09d142a0875d6ddba13fd01da32e2d4 |
| SHA512 | 041eef2d8e6749ceb0c085deb4efd63704eab176826dda3bdaae032026f73b9e3ff21ef1dc82a32161a0afab7195daa1b8febf9ee001bc2caceb9b124280a463 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 59ed45389907155cc1c56bec69a687ad |
| SHA1 | 4ecdbd3a323810e1b8d7f974d809a0c124a6ba28 |
| SHA256 | a3b6d897c977881b7ef2fa30a5a71430ca0208cbf0a4fca74a817328c23788a0 |
| SHA512 | 73ccdbb169621e70cfec929b8f362ff4db159a4d9a6339e253d519e5050a1c85145b52c0c78901d9a320506e8eea87d155ed3bd5c58b2ec05e07433f3a945379 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 44c210b0c3e34e6cc9ac856f052ec037 |
| SHA1 | 2e97c051b6d33ae0dbe9e403a087a9e3915ab52e |
| SHA256 | e1400ac5e52f9fee58563fb469d96cb4ef8b84e71cdb6dce0be2bbe63b346e8d |
| SHA512 | 7e9ab5ff83218635d80397b460fdd917c61768e6daf1cb19973a8042d42e8d214db716a29f9ceb7aa4156c86660f05c37f18be0b8f8671eec4668d777555b0ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0f230dee998f82701a17925170251286 |
| SHA1 | d85876d34ccb324994b22f6660a7f9728989ea51 |
| SHA256 | bc2f7067f2f87d340b79a8e666fa901edd8d84eba3ce2a1750ab2c2f1924fa11 |
| SHA512 | 77757fa2f26d2acfaff0c6273f497506e1f9a47872c5574c10993b6d7cbdf85515c33ff9d4b3eeae41500f4bb7a822eceadd28c4d0c09ba73b2daa52134fffce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 058a7f85dbe3a1e4ef8a8f125131540b |
| SHA1 | 45c0c610da05d786e1300f0913afa6f1ec4b55b7 |
| SHA256 | 379bcac580f8be8ea8d77b091622aa2d4ec343d891b560bfe6c0bc72e8f3f23e |
| SHA512 | fdb9f95a85081532b41ef86e25a7c3361c2a681df97e64688d0e3bf7600a0a3f3b43ab093e41bb89fee12fa3eb98d8bfec1ced8f19f96b39dc779e10ccd18244 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c31c0931e41984f5f387bff3783a00bf |
| SHA1 | a3a25e15476750acb3cf2ade8cf01a73bf11c9d9 |
| SHA256 | 3bebe9c65a36db08f1f9d418b50acfcc1b85a1a3cb37f76b1bdd47e8720ef202 |
| SHA512 | d2ad30059d53852079d6a8b49c0671d1a384eec10f68f37c4fe3054c9bf321b842c90961a16c6af8083f43cd5c1d83c6b93aceebbc7d3501fddbbb2e30097f7f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a92732b24bb5f13395c5fbeeee37d0d8 |
| SHA1 | 2398aa5b01e07b28713910aec70848eb9bce6792 |
| SHA256 | 87c3c220dddb220b69b2b5e37806c3174b026c5ab860838806d2c93117c341c3 |
| SHA512 | 21c819124b52b20220fbed5cff8d0bb43f9710f1dddbb44da59f6797e4dcfa13ecd87f6c29347f16b2fef67efcf53695de4784177eb8bdfdadbe1e1c8bb7d344 |
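Most of the Files section is one path, `CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015`, reported once per rewrite with a fresh set of hashes; that is CryptoAPI maintaining its revocation-data cache, not the sample dropping files. The script below, an added triage example that is not part of the sandbox's report, collapses the per-file hash blocks into one record per path, counts rewrites, and lists only the paths outside the assumed baseline directories, which for this run leaves `TarAEE.tmp` and the search-provider icon. The allow-list of baseline directories is the analyst's assumption, not something the sandbox publishes.

```python
"""Collapse a sandbox Files section into one record per path so that
CryptoAPI cache churn stops hiding the few files worth a second look.
Added triage example; not part of the original report.  BASELINE_DIRS
is an assumed analyst allow-list."""
import re
from collections import OrderedDict

# Subset of the Files section above, in the report's own layout.
FILES_SECTION = """\
C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\Content\\94308059B57B3142E455B38A6EB92015
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
C:\\Users\\Admin\\AppData\\Local\\Temp\\TarAEE.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015
| MD5 | cd98796909ae0b6ad376913142be75fc |
| SHA256 | befaf83c4f107e1a4c17c60be27c393d169a691aef638018205a5ba46787b9d8 |
C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\MetaData\\94308059B57B3142E455B38A6EB92015
| MD5 | f30c4e9f1accf5429a08103260e057c6 |
| SHA256 | 881476150cfebdbaacbe86cc15b53c468b235b6b923d2500ae1ed62d230f67a1 |
C:\\Users\\Admin\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
| MD5 | da597791be3b6e732f0bc8b20e38ee62 |
| SHA256 | 5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07 |
"""

# Directories the OS writes on its own in any detonation (assumed allow-list,
# compared case-insensitively as a substring of the full path).
BASELINE_DIRS = (
    "\\appdata\\locallow\\microsoft\\cryptneturlcache\\",  # CryptoAPI CRL/OCSP cache
)

PATH_RE = re.compile(r"^[A-Za-z]:\\")
HASH_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-f]+)\s*\|$")


def parse_files(text):
    """Return an ordered {path: [ {algo: hexdigest}, ... ]}, one dict per write."""
    files = OrderedDict()
    current = None
    for line in text.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            current = line
            files.setdefault(current, []).append({})
        elif current is not None:
            m = HASH_RE.match(line)
            if m:
                files[current][-1][m.group(1)] = m.group(2)
    return files


def summarize(text):
    """One record per path: number of (re)writes, distinct SHA256s, baseline flag."""
    out = []
    for path, writes in parse_files(text).items():
        low = path.lower()
        out.append({
            "path": path,
            "writes": len(writes),
            "sha256": sorted({w["SHA256"] for w in writes if "SHA256" in w}),
            "baseline": any(d in low for d in BASELINE_DIRS),
        })
    return out


def needs_review(text):
    """Paths outside the baseline directories, in report order."""
    return [r["path"] for r in summarize(text) if not r["baseline"]]


if __name__ == "__main__":
    for r in summarize(FILES_SECTION):
        flag = "baseline" if r["baseline"] else "REVIEW  "
        print(f"{flag} x{r['writes']} {r['path']}")
```

The distinct SHA256 list per path is what you would submit to a hash lookup; for the two non-baseline files that is one hash each, and the icon path is the one the registry table records under `SearchScopes\{0633EE93-...}\FaviconPath`, so both are tied to the browser's first-run setup.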
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-13 08:26
Reported
2024-06-13 08:28
Platform
win10v2004-20240611-en
Max time kernel
150s
Max time network
152s
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a49fa82383880b23572c37fe6b7e378a_JaffaCakes118.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbdf746f8,0x7fffbdf74708,0x7fffbdf74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,15700969651951331139,9777840899638587824,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | powergirlfitness.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 216.58.201.106:443 | ajax.googleapis.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.43.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.237.12.198.in-addr.arpa | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| US | 8.8.8.8:53 | platform.twitter.com | udp |
| US | 8.8.8.8:53 | forms.aweber.com | udp |
| US | 8.8.8.8:53 | wprp.zemanta.com | udp |
| GB | 163.70.151.21:80 | connect.facebook.net | tcp |
| US | 104.18.36.205:80 | forms.aweber.com | tcp |
| PL | 93.184.220.66:80 | platform.twitter.com | tcp |
| GB | 163.70.151.21:443 | connect.facebook.net | tcp |
| PL | 93.184.220.66:443 | platform.twitter.com | tcp |
| GB | 216.58.213.14:80 | www.google-analytics.com | tcp |
| US | 198.12.237.38:80 | powergirlfitness.com | tcp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 8.8.8.8:53 | syndication.twitter.com | udp |
| US | 104.244.42.8:443 | syndication.twitter.com | tcp |
| US | 8.8.8.8:53 | cdn.syndication.twimg.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| PL | 93.184.220.70:443 | cdn.syndication.twimg.com | tcp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.36.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| NL | 23.62.61.57:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| GB | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | scontent.xx.fbcdn.net | udp |
| US | 8.8.8.8:53 | 70.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.15.31.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c39b3aa574c0c938c80eb263bb450311 |
| SHA1 | f4d11275b63f4f906be7a55ec6ca050c62c18c88 |
| SHA256 | 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c |
| SHA512 | eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232 |
\??\pipe\LOCAL\crashpad_4536_SWPLEVBPOUACQBMN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | dabfafd78687947a9de64dd5b776d25f |
| SHA1 | 16084c74980dbad713f9d332091985808b436dea |
| SHA256 | c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201 |
| SHA512 | dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7f43ee8977e8ff98c00f6f0db3bdfa54 |
| SHA1 | b94dbdc3805cd05bad9d1619246116748ca06bd7 |
| SHA256 | f72238b19b7ff21bf2ee5b65e79255ab8a08c51899e7793ac647bc2475513d55 |
| SHA512 | 834699bf8c25ffe3e45a3961f9164a5b96163969bec7b6e66a572dc812ca7b3a918c7517513b2c9b64d449a814606736e0a26404e2900e755e443966c0d0cf56 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fe8d2c589bc9b59783422ac5b8c75c0d |
| SHA1 | 41972882c60bc6bfecce469c9b76ce8446ef6596 |
| SHA256 | 0ff7c55daa7a7dc459a2e999c3e33851a389dfa3774c0b5dbd234748ca1b0b10 |
| SHA512 | 53cf48b9dfefac472d19444e103425313f20a7c4aea9be6622952d8e58c8aef55c19fe613d1056b97ce12d54f3818e34efb11770cb0b1eda6574f894ae2bc6e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ff3de8589a4e5a331c1fe071706dfc93 |
| SHA1 | 7480e9e7e2aa51c49fffdd9dec1921ed114f7bcc |
| SHA256 | 34d691c279f0cb92682399371dcfba9d57941a56f2f22a766555e474928c7387 |
| SHA512 | 2b0390b9d0497659ac1a2890e8956e340c9f3885a51f3c305ca01b35d252e0c904a1cfc1ffe9630c24575a95605989a7e743cc3accc11c400aca842de0ce12f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | d9517ea7475a2587e1d05cc9d5da383a |
| SHA1 | d106a9a4bdb6c582ecb1e836197e821fed5069c3 |
| SHA256 | 77b29377845dfb96303171e8f6b330c3fd2552bba7ab417ac00cbeb87bd79ca7 |
| SHA512 | 4bfda9a049ae45e597440a1a86a89d17d0662f320822c0b108e4728defe2b45ccf3e0d54770581bea16c296fadc804a8f8c9739c118dfe94d69d3101120a5d99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3466fb654162597e01149b5d2c513017 |
| SHA1 | ab3d59b6c18f39fc8779675be9b76d47118e01c5 |
| SHA256 | 4200bcf6ba2ee08232cb62a3ee192a4d1e57ae7a1dab767d0b05d9bed4946c38 |
| SHA512 | bb12c6b2ddc0d0565dc4227146e4e5ff0e02d49f055705a8bff45f912dd531af47bcdf522e40c409e987de651fccf790ee740da673c10a5ad5ef47cd276f570f |